CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

16574 matches found

RedhatCVE•added 2026/06/05 7:29 p.m.•7 views

CVE-2026-46561

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the PREREQFUNCTION-based private IP check was not applied to HTTPRequest used by the parseurls API. An authenticated attacker can supply a URL pointing to an attacker-controlled server that responds with...

5CVSS5.5AI score0.00176EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:22 p.m.•6 views

CVE-2026-7855

A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by this issue is the function tgglasp of the file /tggl.asp of the component HTTP Request Handler. Performing a manipulation of the argument Name results in buffer overflow. The attack can be initiated remotely. The exploit is no...

9CVSS8.2AI score0.01057EPSS

Exploits1References1

RedhatCVE•added 2026/06/05 7:20 p.m.•8 views

CVE-2026-32135

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have a remotely triggerable heap buffer overflow in the uriparamparse function of NanoMQ's REST API. The vulnerability occurs due to an off-by-one error when allocating memory for query parameter keys an...

8.7CVSS5.8AI score0.00502EPSS

Exploits1References1

RedhatCVE•added 2026/06/05 7:17 p.m.•5 views

CVE-2026-6194

A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is the function sub410188 of the file /boafrm/formWlanSetup of the component HTTP Request Handler. This manipulation of the argument wan-url causes stack-based buffer overflow. Remote exploitation of...

9CVSS8AI score0.00472EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:15 p.m.•6 views

CVE-2026-20180

A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...

9.9CVSS6.5AI score0.05972EPSS

Exploits1References1

RedhatCVE•added 2026/06/05 7:11 p.m.•7 views

CVE-2026-8047

The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw to cause a denial of service via a system crash on the affected device...

8.7CVSS5.6AI score0.00445EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:10 p.m.•7 views

CVE-2026-8620

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling in the Web Server Plug-ins through a specially crafted request...

7.5CVSS5.4AI score0.00232EPSS

Exploits0References1

F5 Networks•added 2026/06/05 2:53 p.m.•9 views

K000161600: Apache Tomcat vulnerability CVE-2026-24880

Security Advisory Description Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115,...

7.5CVSS7.1AI score0.00453EPSS

Exploits0Affected Software1

Cvelist•added 2026/06/05 11:31 a.m.•39 views

CVE-2026-11346 Server-Side Request Forgery (SSRF) allowing Internal Network Probing in linqi

A Server-Side Request Forgery SSRF vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...

5.3CVSS0.00226EPSS

Exploits0References1

Cvelist•added 2026/06/04 1:40 a.m.•36 views

CVE-2026-41860

CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelpercreateasyncendpoint and sendhttpgetrequestsynchronous hard-code OpenSSL::SSL::VERIFYNONE, enabling an attacker to intercept traffic between bosh-monitor and the BOSH...

8.8CVSS0.00076EPSS

Exploits0References1

CNNVD•added 2026/06/04 12:0 a.m.•4 views

Cloud Foundry BOSH 安全漏洞

Cloud Foundry BOSH is a cloud infrastructure automation platform developed by the American Cloud Foundry company. All versions of Cloud Foundry BOSH, as well as previous versions, have security vulnerabilities. These vulnerabilities stem from the hardcoded SSL verification disabled in...

8.8CVSS5.4AI score0.00076EPSS

Exploits0References2

CVE•added 2026/06/03 4:6 p.m.•14 views

CVE-2026-20175

CVE-2026-20175 – Cisco Finesse remote file inclusion vulnerability. An unauthenticated, remote attacker can load arbitrary files into an active user session by sending a crafted HTTP request, potentially enabling browser‑based attacks and execution of script code or access to sensitive informatio...

6.1CVSS6.1AI score0.0018EPSS

Exploits0References1

Debian CVE•added 2026/06/03 1:17 p.m.•5 views

CVE-2026-44546

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

5.3CVSS5.8AI score0.00172EPSS

Exploits0

NVD•added 2026/06/02 4:16 p.m.•10 views

CVE-2026-49753

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.contentlengthheader/1 in...

6.3CVSS0.00301EPSS

Exploits0References4

NVD•added 2026/06/02 4:16 p.m.•13 views

CVE-2026-48861

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encoderequestline/2 function splices the caller-supplied method and target arguments directly into the HTTP/1...

2.1CVSS0.00166EPSS

Exploits0References4

EUVD•added 2026/06/02 2:15 p.m.•7 views

EUVD-2026-33941

6.3CVSS5.8AI score0.00301EPSS

Exploits0References4

ATTACKERKB•added 2026/06/02 2:15 p.m.•7 views

CVE-2026-49753

6.3CVSS5.8AI score0.00301EPSS

Exploits0References5Affected Software1

OSV•added 2026/06/02 2:15 p.m.•6 views

EEF-CVE-2026-48861 CRLF injection in HTTP/1 request line via unvalidated method in Mint

Summary Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encoderequestline/2 function splices the caller-supplied method and target arguments directly into the...

2.1CVSS6AI score0.00166EPSS

Exploits0References4

IBM Security Bulletins•added 2026/06/02 7:4 a.m.•7 views

Security Bulletin: Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

Summary Security Vulnerabilities have been addressed in IBM Verify Identity Access and IBM Security Verify Access Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected ...

9.1CVSS7.5AI score0.00635EPSS

Exploits0Affected Software2